Posted to notifications@skywalking.apache.org by GitBox <gi...@apache.org> on 2019/10/22 07:17:40 UTC

[GitHub] [skywalking] wkshare opened a new issue #3684: security scan of skywalking source

wkshare opened a new issue #3684: security scan of skywalking source
URL: https://github.com/apache/skywalking/issues/3684
 
 
   Please answer these questions before submitting your issue.
   
   - Why do you submit this issue?
   - [X] Question or discussion
   - [ ] Bug
   - [ ] Requirement
   - [ ] Feature or performance improvement
   
   ___
   ### Question
   We tried to scan skywalking and got some results.
   Example:
   ```
   Method getInputStream at line 69 of skywalking-master/oap-server/server-receiver-plugin/zipkin-receiverplugin/src/main/java/org/apache/skywalking/oap/server/receiver/zipkin/handler/SpanProcessor.java gets user
   input from element getInputStream. This element’s value flows through the code without being validated, and
   is eventually used in a loop condition in convert at line 48 of skywalking-master/oap-server/server-receiverplugin/zipkin-receiverplugin/src/main/java/org/apache/skywalking/oap/server/receiver/zipkin/handler/SpanProcessor.java. This
   constitutes an Unchecked Input for Loop Condition.
   ```
   
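   We are currently evaluating Skywalking for use.
   Because of some requirements from our company's security department, would you consider making code fixes for issues like the one above?
   We can submit these PRs.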
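
The finding class named in the scan output (Unchecked Input for Loop Condition), as an added Java example that is not part of the original issue and is not SkyWalking code. The class, method names, wire format (a 4-byte count followed by 4-byte values) and the `MAX_ITEMS` limit are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;

// Hypothetical illustration of the finding class; not taken from SpanProcessor.java.
public class BoundedLoopExample {
    static final int MAX_ITEMS = 10_000; // assumed policy limit

    // Flagged pattern: a count read from the stream reaches the loop condition unvalidated.
    static List<Integer> readUnchecked(InputStream in) throws IOException {
        DataInputStream data = new DataInputStream(in);
        int count = data.readInt();          // value supplied by the sender
        List<Integer> out = new ArrayList<>();
        for (int i = 0; i < count; i++) {    // iteration count is decided by the input
            out.add(data.readInt());
        }
        return out;
    }

    // Hardened form: the count is range-checked before it can drive the loop.
    static List<Integer> readBounded(InputStream in) throws IOException {
        DataInputStream data = new DataInputStream(in);
        int count = data.readInt();
        if (count < 0 || count > MAX_ITEMS) {
            throw new IOException("item count out of range: " + count);
        }
        List<Integer> out = new ArrayList<>(count);
        for (int i = 0; i < count; i++) {
            out.add(data.readInt());
        }
        return out;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: count = 2, followed by the values 7 and 9.
        byte[] ok = {0, 0, 0, 2, 0, 0, 0, 7, 0, 0, 0, 9};
        System.out.println(readBounded(new ByteArrayInputStream(ok)));
        // Constructed sample input: count = Integer.MAX_VALUE with no payload.
        byte[] huge = {0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xff};
        try {
            readBounded(new ByteArrayInputStream(huge));
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```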
